Jenkins

Security checks across malware telemetry and agentic risk

Overview

This Jenkins skill appears to be a normal CI/CD helper, but users should treat build and stop actions as real operational changes.

Install only with a Jenkins account scoped to the jobs you want the agent to manage. Confirm job names and build numbers before triggering or stopping anything, especially for production deployment pipelines.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill exposes state-changing Jenkins operations such as triggering and stopping builds, but it does not warn users that these actions can alter CI/CD state, start deployments, consume infrastructure, or interrupt production-related jobs. In the Jenkins context this is materially important because these commands act on real automation systems and can have immediate operational consequences if invoked accidentally or with the wrong target job.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal